I am posting this from a different computer as mine will only let me access the internet sporadically. I was able to run an older version of spybot by renaming it, but I cannot run a newer version and I cannot run malware. When I click on those programs to run them, nothing happens.

I notice that you have Spybot's TeaTimer running. While this is normally a wonderful tool to protect against hijackers, it can also interfere with HijackThis fixes. So please disable TeaTimer by doing the following:

1) Run Spybot-S&D
2) Go to the Mode menu, and make sure "Advanced Mode" is selected
3) On the left hand side, choose Tools -> Resident
4) Uncheck "Resident TeaTimer" and OK any prompts

You can reenable TeaTimer once your system is clean.

Please make sure Teatimer is disabled before we do this, otherwise this fix will fail.

Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.

If an update is found, it will download and install the latest version.

Once the program has loaded, select "Perform Quick Scan", then click Scan.

The scan may take some time to finish, so please be patient.

When the scan is complete, click OK, then Show Results to view the results.

Make sure that everything is checked, and click Remove Selected.

When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)

The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

I disabled teaTimer, when I run hijackthis the F2 file keeps reappearing. I also cannot access the link to malwarebytes you provided. In fact, I cannot even log into the forum and I'm having a friend do this for me from her computer. Here is my latest log file.

Disconnect the computer from the Internet and from any networked computers until it is cleaned.

Back up all your important data except programs. The programs can be reinstalled back from the original disc or from the Net.

Call all your banks, financial institutions, credit card companies and inform them that you may be a victim of identity theft and put a watch on your accounts. If you don't mind the hassle, change all your account numbers.

From a clean computer, change all your passwords (ISP login password, your email address(es) passwords, financial accounts, PayPal, eBay, Amazon, online groups and forums and any other online activities you carry out which require a username and password).

Do NOT change your passwords from this computer as the attacker will be able to get all the new passwords and transaction records.

Let's run a rootkit scan.

1. Please download The Avenger by Swandog46 to your Desktop. Link: HERE or HERE.

Click on Avenger.zip to open the file

Extract avenger.exe to your desktop

2. Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):

Files to delete:
C:\WINDOWS\system32\sdra64.exe
C:\WINDOWS\system32\iehelper.dll

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

3. Now, start The Avenger program by clicking on its icon on your desktop.

Under "Input script here:", paste in the script from the quote box above.

Leave the ticked box "Scan for rootkit" ticked.

Then tick "Disable any rootkits found"

Now click on Execute to begin execution of the script.

Answer "Yes" twice when prompted.

The Avenger will automatically do the following:

It will Restart your computer.

On reboot, it will briefly open a black command window on your desktop, this is normal.

After the restart, it creates a log file that should open with the results of Avenger's actions. This log file will be located at C:\avenger.txt

The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.

Here is the text. Also, on this restart my AVG Resident Shield Alert popped up with Multiple threat detection. It said it has found 3 infections (trojan horses). It's asking if I want it to remove threats or ignore. Which should I do?

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

The rootkit is gone, and so is that nasty file that kept coming back in the F2 item. So go back into Hijack This as I instructed and fix it again, this time it shouldn't come back.

The rootkit is dead and not all its files are uncovered, so let's take them get and get this cleaned up.

I'm going to bed now though, so I'll leave some instructions here and I'll look them over in the morning. Please do not leave this topic and leave me wondering, just because the problems act like they've gone, some malware still might get left behind that these scanners didn't catch. So do these in order as instructed below.